2012年5月21日星期一

ABC tech hacked Grandstand to earn virtual cash

An ABC employee who tried to earn virtual currency by installing Bitcoin "mining" software on one of the broadcaster's most popular sites has kept his job.

The employee, who had "high-level IT access privileges", was disciplined after placing the unauthorised code on the ABC Grandstand Sports website.

Visitors looking for sports scores or watching videos of a popular match "may have been exposed to the Bitcoin software", the ABC said. The software uses idle computer processing power from computers on a peer-to-peer network, to generate Bitcoins, which can be exchanged for cash.

While there was no impact on the ABC's internal and external online distribution infrastructure, it was not possible for the ABC to "ascertain whether any audience members were affected by the Bitcoin software".

Security firms warned last year of potential networks of zombie computers - botnets - running Bitcoin mining software and it spreading like malware to other people's computers.

The ABC had not received any such complaints from visitors.

In addition to being disciplined, the employee's access to all productions systems has been restricted.

The employee, who has not been named, is now being closely supervised, the ABC said in its response to the Senate Estimates questions.

Senator Abetz will pursue the matter when the ABC appears before Senate Estimates on Wednesday.

It is understood he will ask for details on how many visitors accessed the infected site, which pages were affected by the code, and what code was used.

A spokesman for Senator Abetz said it appeared that there had been a serious breach of security on a publicly funded website.

"It's not just ABC computers that were potentially affected - it was computers owned and operated by members of the general public that may have been, for lack of a better word, infected by this code," the spokesman said.

The spokesman said that, despite initial concerns that the processing power of ABC servers was being used to mine for Bitcoins, "it now appears they were trying to use the computers of visitors to the ABC Grandstand website to mine these".

"Presumably that would have been through a Javascript that users would have downloaded inadvertently to their machines and, while they were on that website, the apparent intent of whoever put this code there would have been that people would be generating Bitcoins for their private use."

Senator Abetz's spokesman said he was also concerned at the lack of public disclosure over the breach, and that the opposition would be seeking more information from the ABC through the Senate Estimates process.

没有评论:

发表评论